Skip to main content

Book Review: Daemon (2006) and Freedom™ (2010) by Daniel Suarez

Executive Summary

If you appreciate hacking stories like The Girl with the Dragon Tattoo or gaming stories like Ready Player One or stories that combine both like Reamde, you will love Daniel Suarez’s Daemon and Freedom™ like I did. If you similarly like Michael Crichton books like Jurassic Park, State of Fear, Prey, and Disclosure, you will think that the always-intriguing author has returned from the grave. Suarez’s two books tell one long story and are loaded with seemingly futuristic ideas that are just years away form general deployment. Suarez introduces these new ideas from an old-school hacker perspective in an effort to reboot the world order. He and his key protagonist, the designer of the Daemon, think that all governments and their corporate overlords are too corrupt and that the only way to resolve the matter is to burn the world order to the ground and start over. The Daemon and its disciples infiltrate everything through the direct application of hacking, assassination, and intimidation. The old-world order fights back and results in an epic confrontation of brute force versus technical force. I recommend both books strongly. Suarez demonstrates quality writing that gets the technical details right. The two books combine into one story that is cyber-security-canon worthy. You should have read them by now.

Introduction

Published in 2006 by Verdugo Press, but self-published first by the author and his wife in 2006,[1] Daemon is a story about hackers who begin a revolution using near-future technology as catalysts to change the world. The sequel, Freedom™, published in 2010, is really the second half of the story. Daemon and Freedom™ describe a world that is rebuilt from the ground up if hackers were to seat themselves comfortably at the design controls.

The Story

The premise is fascinating. Matt Sobol is the long-time CTO and founder of a gaming company that built and maintains a hugely successful World of Warcraft-like massively multiplayer online role playing game (MMORPG). With that experience, he learned a little something about artificial intelligence and how it interacts with real humans. In the first few pages though, Sobol dies of cancer. In his place, he leaves behind a software daemon that, in interviews, Suarez has said is a “transmedia news-reading, human-manipulation engine.”[2] 

For the uninitiated, the word daemon is 

"an acronym for Disc and Execution Monitor [used in UNIX environments] and is pronounced {dee-mon}. Essentially it is a program that runs in the background, fully automated, and usually handles mundane activities such as log in requests, initiating transactions, etc.”[3] 

Sobol’s daemon is a little more sophisticated. As the mad genius of the story, Sobol anticipates his death, designs a complex logic tree of potential outcomes, and configures the Daemon to watch for those outcomes. His purpose is to inject catalysts into the old-world system to cause revolution, a reboot if you will, and he is not against burning the entire world down to get it.

Suarez tells the story in two parts. The first book, Daemon, revolves around the rise of the Daemon, its disciples in the Darknet community, and how the US government and its corporate partners plan to defeat them. The good guys in the story, the ones organizing against the Daemon, consist of an NSA code breaker, a local California cop, an FBI SWAT team commander, a CIA special operator, and a software security consultant/gamer/hacker. The second book, Freedom™, focuses on the Darknet reboot aftermath, how society changes for the better after the reboot, and the cataclysmic showdown between Darknet forces and the commercial and government forces attempting to hang onto the past. Some of the good guy forces from the first book eventually switch over to the Darknet side, realizing that there is no going back and that the reboot result is way better then the old system.

The Tech

Some of the hype around Suarez is that he is a legitimate heir to the Michael Crichton throne of storytelling: fiction such as Jurassic Park, State of Fear, Prey, and Disclosure that is about the societal impact of technologies that are just a few years away from reality. I concede the comparison. Both of Suarez’s books are loaded with some fantastic ideas that already exist and could be in common use within the next decade. Things like “sound production without speakers [that] can make voices appear in mid-air,” autonomous vehicles (in 2006, this was four years before military drones became the operational centerpiece to President Obama’s foreign policy decisions in the Middle East), advanced voice-recognition systems, desktop manufacturing, and augmented reality are just some of the technologies that drive the Darknet.[4] 

Of course, because Sobol is dead, he needs living surrogates to do his bidding. One of the things his Daemon does is recruit, initially from his game. For the non-gamers in the crowd, people who excel in MMORPGs have a lot more skills than simply pressing the Enter Key really fast in order to kill monsters. As they progress in the game and gain experience, they learn how to organize large groups of people from around the world, function within a team to accomplish team goals, assess strengths and weaknesses within the team and of potential adversaries, and plan and execute operations that leverage those strengths and weaknesses for success. If you think I am kidding, read Rick McCormick’s article on The Verge that describes the epic space battle that occurred in January of this year. In an MMORPG called Eve Online, McCormick estimates that more than 5,000 players joined the fray on both sides of a conflict that ultimately resulted in the loss of more than $200,000 of real US dollars because of the resulting virtual spacecraft damage. Building up fleets of that size takes years of planning and effort. The skillsets involved are quite extraordinary. These people have no lives in the real world per se, but in the game world, they are the centers of power and manipulation.[5]

Sobol knows this and recruits the best players in his game by giving them special missions to test their individual skill sets. He eventually sends the best of the best out of the game to accomplish real-world missions, and this is where the hacking comes in.

One of the main recruits is Brian Gragg (hacker name: Loki). Sobol tests Loki by having him break into a remote facility using nothing but his hacking skills. Loki uses a software tool called “Netstumbler”[6] to locate a wireless access point that is using Wi-Fi protected access (WPA) for authentication. He uses another software tool called “Air-Jack”[7] to force key exchanges from the Wi-Fi router and uses a third tool called “Asleap”[8] to collect the wireless key exchanges. (By the way, Wi-Fi is not an acronym. It is a brand name chosen by a committee to represent interoperability efforts between vendors for over-the-air Internet access.[9] Who knew?)

Loki cracks the WPA key by using an off-line phase-shift keying (PSK) dictionary, basically a collection of words that he can test (brute force) against the acquired keys. Once on the network, he usesa fourth tool called “Superscan”[10] to ping sweep and port scan the entire network. He telnets to the one Unix machine (OpenBSD) that he can see and uses a simple network management protocol (SNMP) buffer overflow attack[11] to compromise it. Once in, he finds that the Unix box is connected to a Web server that is tightly locked down. He uses an SQL injection attack[12] to break in, and Sobol rewards Loki by making him a key operative in the Daemon’s quest. That sequence is a real-world hack using legitimate hacker tools that could have worked in 2006 (when Suarez wrote the book), and most likely, a hacker could use a variation of it to break into some systems today. 

Sobol collects people like Loki, black-hat hacker types, who have no moral problems with killing bystanders and intermediaries for the greater goal. But he also collects people with more socially acceptable skills to round out his new world order called the Darknet. The purpose of the Darknet is all-out destruction of the status quo: corrupt governments and the international corporations that pull the strings in the background. The Daemon infiltrates as many corporations as it can (the good ones and the corrupt ones) via the Internet and through Sobol’s Darknet operatives in the real world. But the Daemon does not destroy these companies; it creates a symbiotic relationship with them. It tells the organizational leadership of these now-infiltrated organizations that if they accept the relationship and some basic behavior rules, they can still function. If they don’t, the Daemon will destroy them. Many do not comply, and the Daemon vaporizes them by erasing all of their corporate data (and whatever backups they had). Those that comply donate a small percent of their revenue to the Darknet cause but are allowed to stay in business. The money the Daemon collects from the thousands of companies it infiltrates funds the growing Darknet.

Darknet operatives wear specially designed sunglasses that act as a direct connection to Darknet operations. The glasses provide the wearer with an augmented Darknet reality, broadcasting video as an overlay to the world directly to the inside lens. The augmented reality allows Darknet operatives to recognize other members and to manipulate Darknet objects, initially Daemon programs but eventually programs and data sets created by other Darknet members. The Darknet glasses are eerily similar to the Google Glass experiment that we started reading about in 2012.[13] Because Suarez first published his book in 2006, that is a nice prediction to get right six years before the technology became available.

Darknet operatives plan and communicate through this interface, this D-Space. Their opponents desperately try to crack and infiltrate the D-Space network in order to collect intelligence that will help them defeat the Darknet forces. I found this idea intriguing and realized how closely it mirrors some thinking from the intelligence community in the last decade. US intelligence organizations have considered the prospect that these MMORPGS could be used for terrorist planning purposes.[14] You can log in from all over the world, your avatar is for the most part anonymous, you have access to voice and message communication services within the game, and the language of the game suits itself to planning and destroying military and civilian targets. Players of the game use the same language to actually play the game.

Conclusion

I loved these two books. They fit nicely into two separate categories that I like to track: hacker novels that do not exaggerate the genre and the combination of gaming and future intelligence collection. It is not a perfect story by any means. You have to suspend disbelief a bit to accept that notion that Sobol could anticipate every major response to his Daemon over a three-year period. With Sobol’s great insight, he develops a viable plan to do something about each and every response from his opponents and programs the Daemon to execute that plan, and everything happens without a glitch. Personally, I can’t get my browser to work correctly unless I reboot the computer on a regular basis. But I am fine with that little conceit. Sobol is the mad genius after all, and I have suspended my disbelief for other novels with similar characters. Also, Suarez presents a love story between the good guy hacker and the NSA code breaker that seems a little forced. But these are minor quibbles. Daemon and Freedom™ together represent an engaging story. Along the way, Suarez introduces the reader to some new tech that will be available to the general population in the near future, describes what it takes to be a real hacker, and highlights how the lessons learned through MMORPG development might be beneficial in the real world. 

The bigger notion that Suarez gives the reader, one that can be lost with all the other amazing things going on, is that Suarez does not like the direction the country, and indeed the world, is going. He believes that most people do not realize it, but that we are all slaves to some severe controls that our governments and their corporate sponsors place upon us, that we all depend too much on these handlers and give away too many liberties to them in the name of security and fear. The title of his second book, Freedom™, is no accident. He does not believe that we can unshackle ourselves without some sort of major cataclysm. In this exciting story, the Daemon causes that cataclysm.

If you appreciate hacking stories like The Girl with the Dragon Tattoo[15] or gaming stories like Ready Player One[16] or or stories that combine both like Reamde,[17] you will love Suarez’s books like I did. I can say the same thing if you are a Michael Crichton fan too. This story is a worthy successor to some of Crichton’s best efforts. I recommend both books strongly. They represent some quality writing that gets the technical details correct. They are cyber-security-canon worthy, and you should have read them by now.

Note

I worked for iDefense (a VeriSign Inc. business unit) the first time that I wrote about Daemon and Freedom™. Jason Greenwood, the current iDefense general manager and an old friend of mine, has graciously allowed me to reuse some of the original content from that essay for this updated blog post. iDefense is still one of the best commercial cyber security intelligence outfits out there. If you have cyber intelligence needs, you should consider calling them.

Sources:



[1] “How the Self Published Debut Daemon Earned Serious Geek Cred,” by Josh McHugh, Wired, 21 April 2008, last visited 9 February 2014,
http://www.wired.com/culture/culturereviews/magazine/16-05/pl_print

[2] “Understanding the Daemon,” by Frank Rieger, Frankfurter Allgemeine, 5 January 2011, last visited 9 February 2014,
http://www.faz.net/aktuell/feuilleton/medien/english-version-understanding-the-daemon-1621404.html

[3] “Don’t be a Cog in the Wheel,” by Tyler DFC, PAJIBA, May 2010, last visited 9 February 2014,
http://www.pajiba.com/book_reviews/book-review-daemon-by-daniel-suarez.php

[4] “The technology depicted in Daemon and FreedomTM may seem like science fiction, but it actually exists . . .” by Daniel Suarez, last visited 9 February 2014,
http://thedaemon.com/daemontech.html

[5] “Spaceships worth more than $200,000 destroyed in biggest virtual space battle ever,” by Rich McCormick, The Verge, 29 January 2014, last visited 9 February 2014,
http://www.theverge.com/2014/1/29/5356498/eve-online-battle-sees-200000-dollars-worth-of-spaceships-destroyed 

[6] “Netstumbler Downloads,” Netstumbler.com, last visited 9 February 2014,

http://www.netstumbler.com/downloads/

[7] “Airjack,” by abadd0n & XX25, Sourceforge, 9 April 2013, last visited 9 February 2014,
http://sourceforge.net/projects/airjack/

[8] “asleap,” by joswr1ght, Sourceforge, 8 August 2013, last visited 9 February 2014,

http://sourceforge.net/projects/asleap/

[9] “WiFi isn’t Short for Wireless Fidelity,” by Cory Doctorow, boing boing, 8 November 2005 at 5:43 a.m., last visited 9 February 2014,
http://boingboing.net/2005/11/08/wifi-isnt-short-for.html

[10] “SuperScan V4.1,” by McAfee, last visited 9 February 2014,

http://www.mcafee.com/us/downloads/free-tools/superscan.aspx

[11] “017: RELIABILITY FIX,” by OpenBSD, 14 February 2004, last visited 9 February 2014,
http://www.openbsd.org/errata33.html

[12] “SQL injection Basic Tutorial,” by ZSL, GovernmentSecurity, last visited 9 February 2014,
http://www.governmentsecurity.org/articles/sql-injection-basic-tutorial.html

[13] “I, Glasshole: My Year With Google Glass,” by Mat Honan, 30 December 2013, last visited 9 February 2014, 
http://www.wired.com/gadgetlab/2013/12/glasshole/

[14] “MetaTerror: The Potential Use of MMORPGs by Terrorists,” by Roderick Jones and Andrew Cochran, 1 March 2007, last visited 9 February 2014, 

http://counterterrorismblog.org/2007/03/metaterror_the_potential_use_o.php 

[15] “The Girl with the Dragon Tattoo (Millennium #1),” by by Stieg Larsson, Reg Keeland (Translator), published 16 September 2008 by Knopf, last visited 9 February 2014,
https://www.goodreads.com/book/show/2429135.The_Girl_with_the_Dragon_Tattoo?ac=1

[16] “Ready Player One,” by Ernest Cline, published 16 August 2011 by Random House, last visited 9 February 2014,
https://www.goodreads.com/book/show/9969571-ready-player-one?ac=1

[17] “Book Review: "Reamde" by Neil Stephenson (2011),” by Rick Howard, Terebrate, 4 January 2014, last visited 9 February 2014,
http://terebrate.blogspot.sg/2014/01/book-review-reamde-by-neil-stephenson.html 

References

“Daemon and Project Glass,” by Doug Johnson, The Blue Skunk Blog, 26 April 2012, last visited 9 February 2014, 
http://doug-johnson.squarespace.com/blue-skunk-blog/2012/4/26/daemon-and-project-glass.html



Comments

Popular posts from this blog

Books You Should Have Read By Now

When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the Rock and Roll Hall of Fame  for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It ha...

Book Review: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (1989) by Clifford Stoll

Executive Summary This book is a part of the cyber security canon. If you are a cyber security professional, you should have read this by now. Twenty years after it was published, it still has something of value to say on persistent cyber security problems like information sharing, privacy versus security, cyber espionage and the intelligence dilemma. Rereading it after 20 years, I was pleasantly surprised to learn how pertinent that story still is. If you are not a cyber security professional, you will still get a kick out of this book. It reads like a spy novel, and the main characters are quirky, smart, and delightful. Introduction The Cuckoo’s Egg is my first love. Clifford Stoll published it in 1989, and the first time I read it, I devoured it over a weekend when I should have been writing my grad school thesis. It was my introduction to the security community and the idea that somebody had to protect these new-fangled gadgets called computers. Back in those days, author...

Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011)

Executive Summary Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI sting called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin , Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the...